Replies: 3 comments 1 reply
-
Beta Was this translation helpful? Give feedback.
-
|
In general I think the API surface for extensions should only be interfaces, no class, static methods, utility classes, or anything like that |
Beta Was this translation helpful? Give feedback.
-
|
Fyi, I'm offering a custom public SPI BOM, where I align the dependencies with the major and minor Keycloak runtime libs: https://github.com/dasniko/keycloak-spi-bom It's not only me using this BOM, there are several other projects using it. So, there is demand among the developers. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, there are internal KC libs referenced. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
When it comes to building Keycloak extensions it can be difficult to know what is supported and what is not.
In general if the
Providerinterface is inserver-spian extension can call the provider, and if theProviderFactoryinterface is inserver-spi-privateit is supported to implement a custom provider. In many cases you're not really supposed to call providers directly, but rather through managers. Where managers don't really have a standard way to discover them. Some are available on KeycloakSession while some are not. Maybe there's also a need for a public Provider interface, and a private Provider interface?However, which of all the other modules are supported APIs, and which are not? There's a lot of utility classes around, and wrappers like
TokenManagerfor instance. These are hard to find, and often the APIs are not great at all.Then comes the next question around dependencies? Should one add custom dependencies? If so how do you make sure they don't conflict with the dependency versions from the distribution? There's no really easy way to include all dependencies for Keycloak into your extension. Did anyone say a BOM?
One thing I had in mind is that we would create a new KeycloakSession interface or something that contains supported APIs to build extensions on top of. And essentially anything you can do through KeycloakSession is supported, but anything else is not supported. Want to decode a JWT for instance? Well, then call
KeycloakSession.apis().jwt().decodeToken(...)or something along those lines. Everything would be discoverable through theKeycloakSession, and there would not be any static utilities, managers, or anything else dangling around.The other thing would be to add an BOM with supported dependencies to build an extension on top of. This would be a subset of the dependencies in the distribution, and only contain dependencies you should be calling (for example not Quarkus APIs directly).
A final thing to note here is that some things in the Keycloak code base is incredibly complex to deal with as the API is not great. For example doing something as basic as generating or validating a JWS is really messy and complex.
Beta Was this translation helpful? Give feedback.
All reactions